openspec-continue-change

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the openspec CLI to perform operations such as listing changes, checking status, and retrieving instructions. These commands are executed locally to manage the artifact lifecycle.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it processes data from external sources (CLI output and project dependency files) and uses that data to determine the content of new files.
    • Ingestion points: The skill reads JSON data from openspec instructions and content from local files identified as dependencies.
    • Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard embedded commands within the dependency files or CLI output.
    • Capability inventory: The skill has the capability to execute shell commands and write files to arbitrary paths defined in the CLI instructions.
    • Sanitization: No sanitization or validation logic is present to inspect the content of ingested data before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 2, 2026, 12:09 AM